<?php
/*
 * auth.php - Given a token, return an XML document listing user authorizations
 *            to use application services, including any custom settings:
 *
 * <auth>
 *   <user>
 *     <settings>
 *       <setting name="foo">bar</setting>
 *     </settings>
 *   </user>
 *   <apps>
 *     <app id="1" name="app1" token="token1">
 *       <settings>
 *         <setting name="foo">bar</setting>
 *       </settings>
 *       <services>
 *         <service id="1" name="service1" level="user">
 *           <settings>
 *             <setting name="foo">bar</setting>
 *           </settings>
 *         </service>
 *       </services>
 *     </app>
 *   </apps>
 * </auth>
 */
include_once('../../../notex.php');
$notex = new NOTEX();

// Get the database options

$options = simplexml_load_file('../options.jsx');

// Describe how to use this script

$params = array(
    'session_id' => 'The session identifier',
    'remote_addr' => 'The remote IP address',
);
$notex->usage('auth.php will return a list of authorized services for a session.', $params);

// Get the session ID and remote address

$session_id = preg_replace('/\W/', '', param('session_id'));
if (!$session_id) $notex->error('No "session_id" parameter');
$remote_addr = preg_replace('/[^\d\.]/', '', param('remote_addr'));
if (!$remote_addr) $notex->error('No "remote_addr" parameter');

// Get the user ID from the session

$xml_data = GET("session.jsx?session_id=$session_id&remote_addr=$remote_addr");
$session = @simplexml_load_string($xml_data);
$user_id = $session->user->id;
if (!$user_id) $notex->error('Bad session user');

// Connect to the MySQL database

mysql_connect($options->db_host, $options->db_user, $options->db_pass);
mysql_select_db($options->database);

// First find the user and check the password

$sql = "select * from users where id = $user_id";
$res = mysql_query($sql);
$user = mysql_fetch_object($res);
if (!$user) $notex->error('Bad session user');

// Prepare the data arrays

$user_settings = array();
$apps = array();
$app_settings = array();
$service_ids = array();
$app_services = array();
$service_settings = array();

// Get any user settings

$sql = "select * from user_settings where user_id = $user->id";
$res = mysql_query($sql);
while ($setting = mysql_fetch_object($res))
{
    $user_settings[$setting->field] = $setting->value;
}

// Find the user's services

$sql = "select S.*, SU.level from services S, service_users SU where SU.user_id = $user->id and SU.service_id = S.id";
$res = mysql_query($sql);
while ($service = mysql_fetch_object($res))
{
    $service_ids[] = $service->id;
    $app_services[$service->app_id][] = $service;
}

// Find the services' apps and app settings

if (count($app_services))
{
    $sql = "select A.*, S.field, S.value from apps A left join app_settings S on S.app_id = A.id where A.id in (";
    $sql .= join(',', array_keys($app_services)) . ")";
    $res = mysql_query($sql);
    while ($app = mysql_fetch_object($res))
    {
        $app_id = $app->id;
        if (is_null($apps[$app_id])) $apps[$app_id] = $app;
        if ($app->field)
        {
            $app_settings[$app_id][$app->field] = $app->value;
        }
    }
}

// Now get any service settings

if (count($service_ids))
{
    $sql = "select * from service_settings where service_id in (";
    $sql .= join(',', $service_ids) . ")";
    $res = mysql_query($sql);
    while ($setting = mysql_fetch_object($res))
    {
        $service_settings[$setting->service_id][$setting->field] = $setting->value;
    }
}

// Close the database connection

mysql_close();

// Write out the user, apps, services and settings as XML

$out = "<auth>\n";
$out .= "  <user name=\"$user->name\" username=\"$user->username\" phone=\"$user->phone\" email=\"$user->email\" parent=\"$user->parent_id\">\n";
$out .= "    <settings>\n";
foreach ($user_settings as $field => $value)
{
    $out .= "      <setting field=\"$field\">$value</setting>\n";
}
$out .= "    </settings>\n";
$out .= "  </user>\n";
$out .= "  <apps>\n";
foreach ($app_services as $app_id => $services)
{
    $app = $apps[$app_id];
    $out .= "    <app id=\"$app->id\" name=\"$app->name\" token=\"$app->token\">\n";
    $out .= "      <settings>\n";
    if (is_array($app_settings[$app_id]))
    {
        foreach ($app_settings[$app_id] as $field => $value)
        {
            $out .= "        <setting field=\"$field\">$value</setting>\n";
        }
    }
    $out .= "      </settings>\n";
    $out .= "      <services>\n";

    foreach ($services as $service)
    {
        $out .= "        <service id=\"$service->id\" name=\"$service->name\" level=\"$service->level\">\n";
        $out .= "          <settings>\n";
        if (is_array($service_settings[$service->id]))
        {
            foreach ($service_settings[$service->id] as $field => $value)
            {
                $out .= "            <setting field=\"$field\">$value</setting>\n";
            }
        }
        $out .= "          </settings>\n";
        $out .= "        </service>\n";
    }
    $out .= "      </services>\n";
    $out .= "    </app>\n";
}
$out .= "  </apps>\n";
$out .= "</auth>\n";

// Print the output as XML data

header('Content-type: text/xml');
print $out;

// END
